BFD: SHA1 authentication
Add authentication support to BFD feature. Out of three existing
authentication types, implement SHA1 (sole RFC requirement). Simple
password is insecure and MD5 is discouraged by the RFC, so ignore
those.
Add/change APIs to allow configuring BFD authentication keys
and their usage with BFD sessions.
Change-Id: Ifb0fb5b19c2e72196d84c1cde919bd4c074ea415
Signed-off-by: Klement Sekera <ksekera@cisco.com>
diff --git a/test/vpp_papi_provider.py b/test/vpp_papi_provider.py
index 90c954d..72c18e6 100644
--- a/test/vpp_papi_provider.py
+++ b/test/vpp_papi_provider.py
@@ -992,16 +992,57 @@
self.api(self.papi.control_ping)
def bfd_udp_add(self, sw_if_index, desired_min_tx, required_min_rx,
- detect_mult, local_addr, peer_addr, is_ipv6=0):
- return self.api(self.papi.bfd_udp_add,
+ detect_mult, local_addr, peer_addr, is_ipv6=0,
+ bfd_key_id=None, conf_key_id=None):
+ if bfd_key_id is None:
+ return self.api(self.papi.bfd_udp_add,
+ {
+ 'sw_if_index': sw_if_index,
+ 'desired_min_tx': desired_min_tx,
+ 'required_min_rx': required_min_rx,
+ 'local_addr': local_addr,
+ 'peer_addr': peer_addr,
+ 'is_ipv6': is_ipv6,
+ 'detect_mult': detect_mult,
+ })
+ else:
+ return self.api(self.papi.bfd_udp_add,
+ {
+ 'sw_if_index': sw_if_index,
+ 'desired_min_tx': desired_min_tx,
+ 'required_min_rx': required_min_rx,
+ 'local_addr': local_addr,
+ 'peer_addr': peer_addr,
+ 'is_ipv6': is_ipv6,
+ 'detect_mult': detect_mult,
+ 'is_authenticated': 1,
+ 'bfd_key_id': bfd_key_id,
+ 'conf_key_id': conf_key_id,
+ })
+
+ def bfd_udp_auth_activate(self, sw_if_index, local_addr, peer_addr,
+ is_ipv6=0, bfd_key_id=None, conf_key_id=None,
+ is_delayed=False):
+ return self.api(self.papi.bfd_udp_auth_activate,
{
'sw_if_index': sw_if_index,
- 'desired_min_tx': desired_min_tx,
- 'required_min_rx': required_min_rx,
'local_addr': local_addr,
'peer_addr': peer_addr,
'is_ipv6': is_ipv6,
- 'detect_mult': detect_mult,
+ 'is_delayed': 1 if is_delayed else 0,
+ 'bfd_key_id': bfd_key_id,
+ 'conf_key_id': conf_key_id,
+ })
+
+ def bfd_udp_auth_deactivate(self, sw_if_index, local_addr, peer_addr,
+ is_ipv6=0, is_delayed=False):
+ return self.api(self.papi.bfd_udp_auth_deactivate,
+ {
+ 'sw_if_index': sw_if_index,
+ 'local_addr': local_addr,
+ 'peer_addr': peer_addr,
+ 'is_ipv6': is_ipv6,
+ 'is_delayed': 1 if is_delayed else 0,
})
def bfd_udp_del(self, sw_if_index, local_addr, peer_addr, is_ipv6=0):
@@ -1016,10 +1057,14 @@
def bfd_udp_session_dump(self):
return self.api(self.papi.bfd_udp_session_dump, {})
- def bfd_session_set_flags(self, bs_idx, admin_up_down):
- return self.api(self.papi.bfd_session_set_flags, {
- 'bs_index': bs_idx,
+ def bfd_udp_session_set_flags(self, admin_up_down, sw_if_index, local_addr,
+ peer_addr, is_ipv6=0):
+ return self.api(self.papi.bfd_udp_session_set_flags, {
'admin_up_down': admin_up_down,
+ 'sw_if_index': sw_if_index,
+ 'local_addr': local_addr,
+ 'peer_addr': peer_addr,
+ 'is_ipv6': is_ipv6,
})
def want_bfd_events(self, enable_disable=1):
@@ -1028,6 +1073,22 @@
'pid': os.getpid(),
})
+ def bfd_auth_set_key(self, conf_key_id, auth_type, key):
+ return self.api(self.papi.bfd_auth_set_key, {
+ 'conf_key_id': conf_key_id,
+ 'auth_type': auth_type,
+ 'key': key,
+ 'key_len': len(key),
+ })
+
+ def bfd_auth_del_key(self, conf_key_id):
+ return self.api(self.papi.bfd_auth_del_key, {
+ 'conf_key_id': conf_key_id,
+ })
+
+ def bfd_auth_keys_dump(self):
+ return self.api(self.papi.bfd_auth_keys_dump, {})
+
def classify_add_del_table(
self,
is_add,